The long awaited Google phone turned out to be just an OS. What does it mean for us, mobile software developers?

Personally, I think this is great news. An open mobile platform is something that was long due to stir up the world of RIM-Windows-Symbian.

Android managed to get many things right from the very beginning, things that took several years for S60. While S60 initially took Microsoft-style approach to development community - with multi-level support, exclusive club membership with access to the source code, signing and licensing, Android is quite open and democratic.

When Google announced Android SDK - my first thoughts were - it’s a smart move to release SDK before devices are available. Google’s name alone would be enough to attract developers and hackers to this new platform, so they can create a developer community by the time devices are shipping. Then Google announced developer challenge with $10mln in awards.

Read the rest of this entry »

(Via: Gábor Török and Antony Pranata)

Well, hacked - sort of. Apparenlty it is possible to obtain AllFiles capability for your applications by changing a few lines in Nokia Software Update files and flashing your phone, as described here.

For developers that means that with certain amount of effort they will be able to make their life a bit easier and explore previously hidden features of SymbianOS.

For hackers that means that they can access data cages of all applications on a stolen phone (e.g. with Y-Browser with AllFiles capability) and extract passwords from configuration files (e.g. e-mail, IM client, browser, virtually all applications that access internet services and store passwords on the mobile without encryption)

This is the first publicly available evidence of a possibility for 3rd parties to obtain AllFiles and other capabilities available only to phone manufacturers. Symbian Platform Security was considered to be “unbreakable” by far, and technically it still is - the blunder is really on NSU part.

In the past couple of months I’ve been doing internal trainings, and on pretty much every one of them I was getting questions regarding Symbian platform security. And to be honest, platform security is something that made me loose my sleep a few times over the past couple of years.

But I don’t want this to be yet another post about how bad the PlatSec is, and the reason for that is that I believe it actually is a good thing. Here are some facts.

Read the rest of this entry »